BERLIN/VIENNA:  "Your booking has not been fully confirmed." The message is asking for you to verify your payment to keep the Booking.com accommodation you've just booked.

It might seem legit, but it's one of a number of scams targeting holidaymakers using the travel agency website.

The scam messages contain a link leading to a fake website that looks like the original Booking.com page, where customers are asked to enter their data.

They’re told that if the booking is not reconfirmed within a few hours, it’ll be cancelled. Once the customer enters their credit card data the cybercriminals steal it.

What's particularly perfidious is that, according to consumer protection website Watchlist Internet, contact is often made not via email or text message, but using the chat feature on Booking.com – the official communication channel between accommodation and guest.

How is this possible? The criminals have probably obtained the login credentials of the hotel or vacation rental operators and are thus able to log into their Booking.com accounts, view bookings there and then contact customers over chat. It’s understandable why victims have fallen for it without suspecting anything being amiss.

Consumer advocates advise customers to never enter credit card details on websites linked to in a message, even if these links are sent using the Booking.com chat. If in doubt, contact the hotel or accommodation by phone.

Booking.com's advice

What does Booking.com say about this? The booking platform advises that "should a customer have concerns about a payment message, we recommend carefully reviewing the payment terms listed on the accommodation's Booking.com listing page and in the booking confirmation."

Customers are encouraged to report any suspicious messages or concerns about an accommodation to Booking.com's customer service.

The website emphasises that as a general rule, no legitimate transaction requires a customer to provide sensitive information such as their credit card details using email, chat, SMS, WhatsApp, or phone, or to make a payment that deviates from the original booking terms.

In addition to the scam involving bogus booking confirmations, Watchlist Internet also warns against fake listings on Booking.com, which often contain strikingly cheap offers.

A clear warning sign is that the booking can’t be completed on the platform. Instead, you’re asked to contact the accommodation owners or letting agency using WhatsApp or email. Then you’ll be asked to transfer the money to complete the booking and of course that's the last you'll see of it.

Booking.com says it takes "extensive, strict measures" to protect customers and partners from fraud, including using detection systems that are constantly being improved.

The site says that in 2023, 1.5 million phishing-based fake reservations were detected and blocked and in 2024 the number fell to 250,000. – dpa/Tribune News Service